GD Hacker Mode v30[.]38[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

GD Hacker Mode v30.38.zip
Size

4.2MB
MD5

a5b7dc122a77fa852f58ec5f71357de2
SHA1

23e90f5f60a5e0e9416cd574cc9ef0ffe4eb2dc8
SHA256

accb47d42b85f1c51c1413b0076edcd469feaa83c6d92f6a61bbf922cd2fc5b5
SHA512

58e2b1df696be5ace147f562ef62c6bd4ab857c998a289d4b0d545f930fdabeb60834a19170873c51476090b95343168ed31f7a160cde915b0555d272695d706
SSDEEP

98304:AAIpryIdgvogMsF597iMnK/hKFP+10HYJKcl8e5fPY5+wiU2:KpOIduoJo97bkhKJ+mHKKcl8ofPY5+wU

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ToastedMarshmellow.dll
unpack001/pthreadVCE2.dll
unpack001/pthreadVCE2.dll.bak

Files

GD Hacker Mode v30.38.zip
.zip
D3DCompiler_43.dll
.dll windows:6 windows x86 arch:x86

6ba7b0e4e74a8eea96dca4fffc88b859

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a0:dc:fd:f1:04:c6:f9:25:f4:de:ed:83:b3:1b:1c:9e:4a:d1:be:fb
Signer

Actual PE Digest

a0:dc:fd:f1:04:c6:f9:25:f4:de:ed:83:b3:1b:1c:9e:4a:d1:be:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
_initterm
_XcptFilter
_CxxThrowException
memset
memcpy
isxdigit
atof
setlocale
_strdup
_mbstrlen
modf
isalnum
_isnan
ceil
_finite
strrchr
_clearfp
_controlfp
_strnicmp
_fpclass
_purecall
strncmp
isspace
strstr
getenv
_stricmp
memmove
qsort
isalpha
toupper
atoi
isdigit
tolower
free
malloc
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
_vsnprintf
_errno
__CxxFrameHandler
floor
_CIfmod
_CItanh
_CItan
_CIsinh
_CIsin
_CIlog
_CIpow
_CIexp
_CIsqrt
_CIcosh
_CIcos
_CIatan2
_CIatan
_CIasin
_CIacos

gdi32

DeleteObject

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
UnmapViewOfFile
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
GetLastError
SetUnhandledExceptionFilter
WideCharToMultiByte
GetFullPathNameA
HeapCreate
OutputDebugStringA
LoadLibraryA
GetModuleHandleA
lstrcmpiA
TlsFree
TlsGetValue
HeapDestroy
TlsSetValue
InterlockedExchange
TlsAlloc
Sleep
InterlockedCompareExchange
FreeLibrary
GetSystemInfo
GetProcAddress
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
DisableThreadLibraryCalls
MultiByteToWideChar
GetVersion

Exports

Exports

D3DAssemble
D3DCompile
D3DCompressShaders
D3DCreateBlob
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DPreprocess
D3DReflect
D3DReturnFailure1
D3DStripShader
DebugSetMute

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GDHM-mod/bypass.json
GDHM-mod/core.json
GDHM-mod/creator.json
GDHM-mod/global.json
GDHM-mod/player.json
ToastedMarshmellow.dll
.dll windows:6 windows x86 arch:x86

1b74649cad398eec3b2c115a31951d87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostname
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAStartup
listen
ntohl
htonl
accept
WSAIoctl
WSASetLastError
htons
getsockname
__WSAFDIsSet
closesocket
select
shutdown
WSASocketW
getaddrinfo
getpeername
send
socket
ntohs
connect
recv
getsockopt
freeaddrinfo
ioctlsocket
getnameinfo
setsockopt
WSAGetLastError
WSACleanup
bind

advapi32

RegOpenKeyExW
RegCreateKeyExW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegQueryValueExW
RegSetValueExW

kernel32

MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
GetModuleHandleW
VirtualFree
VirtualAlloc
VirtualQuery
HeapCreate
HeapFree
Thread32Next
Thread32First
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
FlushInstructionCache
SetThreadContext
OpenThread
ReadFile
GetFileSizeEx
WriteProcessMemory
GetModuleFileNameW
WaitForSingleObject
GetExitCodeThread
K32GetModuleInformation
LoadLibraryExW
CreateDirectoryW
FindFirstFileExW
GetFullPathNameW
FindNextFileW
FindClose
GetLastError
GetLogicalDriveStringsA
GetCurrentThread
SetLastError
OutputDebugStringA
GetEnvironmentVariableW
GetWriteWatch
CreateFileW
LocalFree
IsDebuggerPresent
CheckRemoteDebuggerPresent
ReleaseSemaphore
SetThreadPriority
CreateEventW
GetFileInformationByHandle
CreateFileA
SetEvent
ResetEvent
SetFilePointerEx
GetProcessHeap
CreateSemaphoreW
GetCurrentProcessId
UnmapViewOfFile
LockResource
LoadResource
FindResourceW
CreateFileMappingW
MapViewOfFile
GetProcessId
FreeLibraryAndExitThread
WaitForSingleObjectEx
GetSystemFirmwareTable
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
VirtualProtect
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SignalObjectAndWait
CreateTimerQueue
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
AreFileApisANSI
GetTempPathW
SetEndOfFile
GetFileAttributesExW
GetFileAttributesW
DeleteFileW
GetCurrentDirectoryW
SwitchToThread
FormatMessageA
TryEnterCriticalSection
WaitNamedPipeW
lstrlenW
DecodePointer
RaiseException
VerifyVersionInfoA
FormatMessageW
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetEnvironmentVariableA
MoveFileExA
GetTickCount
GetSystemDirectoryA
SleepEx
EnumSystemLocalesW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetFileAttributesA
GetConsoleMode
Sleep
GetDynamicTimeZoneInformation
WriteFile
WriteConsoleA
GetStdHandle
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetProcAddress
CreateThread
LoadLibraryA
GetModuleHandleA
GetCurrentThreadId
GetModuleHandleExW
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
DuplicateHandle
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
ExitThread
ReadConsoleW
GetConsoleCP
GetDateFormatW
IsValidCodePage
GetACP
GetOEMCP
WriteConsoleW
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryW
ReadProcessMemory
DeleteTimerQueueTimer
GetCurrentProcess
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
SizeofResource
GetCommandLineW
GetCommandLineA

shell32

ShellExecuteA
ShellExecuteW

user32

GetCursorInfo
GetForegroundWindow
SetWindowLongA
CallWindowProcW
MessageBoxA
GetDesktopWindow
EnumDisplaySettingsA
SetWindowLongW
ClipCursor
WindowFromDC
GetSystemMetrics
SetWindowPos
DrawIconEx
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
LoadCursorW
IsChild
ClientToScreen
GetCapture
ScreenToClient
SetClipboardData
GetWindowRect
FindWindowExW
MoveWindow
GetWindowTextW
GetWindowThreadProcessId
EnumWindows
DefWindowProcW
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassExW
GetKeyState

opengl32

glPopMatrix
glViewport
glEnableClientState
glPopAttrib
glPolygonMode
glBindTexture
glGenTextures
glVertexPointer
glEnable
glScissor
glDisableClientState
glMatrixMode
glBlendFunc
glLoadIdentity
glTexParameteri
glTexCoordPointer
glTexImage2D
glColorPointer
glTexEnvi
glDrawElements
glDisable
glPushMatrix
glShadeModel
glPixelStorei
glOrtho
glPushAttrib
glGetIntegerv
wglGetCurrentContext
wglCreateContext
wglMakeCurrent
glGetTexEnviv

winmm

sndPlaySoundW

libcocos2d

??0CCPoint@cocos2d@@QAE@MM@Z
??0CCSize@cocos2d@@QAE@MM@Z
?create@CCEaseOut@cocos2d@@SAPAV12@PAVCCActionInterval@2@M@Z
?create@CCEaseIn@cocos2d@@SAPAV12@PAVCCActionInterval@2@M@Z
?sharedDirector@CCDirector@cocos2d@@SAPAV12@XZ
?create@CCLabelBMFont@cocos2d@@SAPAV12@PBD0@Z
?scheduleOnce@CCNode@cocos2d@@QAEXP8CCObject@2@AEXM@ZM@Z
??0CCPoint@cocos2d@@QAE@ABV01@@Z
?resizeWindow@CCEGLView@cocos2d@@QAEXHH@Z
?centerWindow@CCEGLView@cocos2d@@QAEXXZ
?showCursor@CCEGLView@cocos2d@@QAEX_N@Z
?sharedOpenGLView@CCEGLView@cocos2d@@SAPAV12@XZ
?setDispatchEvents@CCTouchDispatcher@cocos2d@@QAEX_N@Z
?create@CCEaseBackOut@cocos2d@@SAPAV12@PAVCCActionInterval@2@@Z
?create@CCScaleTo@cocos2d@@SAPAV12@MM@Z
?create@CCEaseElasticOut@cocos2d@@SAPAV12@PAVCCActionInterval@2@@Z
?create@CCSpawn@cocos2d@@SAPAV12@PAVCCFiniteTimeAction@2@ZZ
?create@CCMoveBy@cocos2d@@SAPAV12@MABVCCPoint@2@@Z
??0CCSize@cocos2d@@QAE@ABV01@@Z
?objectAtIndex@CCArray@cocos2d@@QAEPAVCCObject@2@I@Z
?create@CCEaseExponentialOut@cocos2d@@SAPAV12@PAVCCActionInterval@2@@Z
?create@CCSequence@cocos2d@@SAPAV12@PAVCCFiniteTimeAction@2@ZZ
?runAction@CCNode@cocos2d@@QAEPAVCCAction@2@PAV32@@Z
?create@CCDelayTime@cocos2d@@SAPAV12@M@Z
?create@CCEaseBackInOut@cocos2d@@SAPAV12@PAVCCActionInterval@2@@Z
?create@CCRotateTo@cocos2d@@SAPAV12@MM@Z
??0CCRect@cocos2d@@QAE@MMMM@Z

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

d3dcompiler_43

D3DCompile

gdi32

AddFontResourceW

ole32

CoCreateInstance
CoTaskMemFree
PropVariantClear
CoInitializeEx
CoUninitialize

mfplat

MFCreateMemoryBuffer
MFCreateAttributes
MFCreateSample
MFShutdown
MFStartup
MFCreateMediaType

mfreadwrite

MFCreateSinkWriterFromURL

d3d11

D3D11CreateDevice

wldap32

ord33
ord35
ord79
ord30
ord200
ord301
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord143
ord217
ord46

normaliz

IdnToAscii

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertFreeCertificateChain
PFXImportCertStore
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CertCloseStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore

Exports

Exports

?main_unload@@YAXXZ

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pthreadVCE2.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_test_features_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 44KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tmdll
Size: 160B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pthreadVCE2.dll.bak
.dll windows:4 windows x86 arch:x86

3cb670276d26003b3e60cc547afc3c3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

calloc
_onexit
__dllonexit
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_ftime
_beginthreadex
malloc
exit
_errno
_CxxThrowException
__CxxFrameHandler
_endthreadex
?set_terminate@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
free

wsock32

WSAGetLastError
WSASetLastError

kernel32

TlsGetValue
CloseHandle
SetLastError
CreateSemaphoreA
GetCurrentProcessId
OpenProcess
SetThreadPriority
LoadLibraryA
WaitForMultipleObjects
GetCurrentThreadId
GetCurrentThread
DuplicateHandle
GetThreadPriority
InterlockedExchangeAdd
CreateEventA
FreeLibrary
GetProcAddress
SuspendThread
ResumeThread
TlsFree
ReleaseSemaphore
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TlsAlloc
TlsSetValue
SetEvent
GetProcessAffinityMask
GetCurrentProcess
GetLastError
Sleep
WaitForSingleObject
SetThreadContext
InterlockedDecrement
ResetEvent
GetThreadContext

Exports

Exports

pthreadCancelableTimedWait
pthreadCancelableWait
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setpshared
pthread_create
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_getconcurrency
pthread_getschedparam
pthread_getspecific
pthread_getw32threadhandle_np
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getkind_np
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setkind_np
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_win32_process_attach_np
pthread_win32_process_detach_np
pthread_win32_test_features_np
pthread_win32_thread_attach_np
pthread_win32_thread_detach_np
ptw32_get_exception_services_code
ptw32_pop_cleanup
ptw32_push_cleanup
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ba7b0e4e74a8eea96dca4fffc88b859

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

a0:dc:fd:f1:04:c6:f9:25:f4:de:ed:83:b3:1b:1c:9e:4a:d1:be:fbSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

gdi32

kernel32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.data Size: 16KB - Virtual size: 31KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 56KB - Virtual size: 55KB

1b74649cad398eec3b2c115a31951d87

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

kernel32

shell32

user32

opengl32

winmm

libcocos2d

imm32

d3dcompiler_43

gdi32

ole32

mfplat

mfreadwrite

d3d11

wldap32

normaliz

crypt32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 353KB - Virtual size: 352KB

.data Size: 37KB - Virtual size: 288KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 3.0MB - Virtual size: 3.0MB

.reloc Size: 83KB - Virtual size: 83KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 48KB

.rdata Size: 5KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

.tmdll Size: 160B - Virtual size: 76KB

3cb670276d26003b3e60cc547afc3c3e

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

a0:dc:fd:f1:04:c6:f9:25:f4:de:ed:83:b3:1b:1c:9e:4a:d1:be:fb
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 56KB - Virtual size: 55KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 353KB - Virtual size: 352KB

.data
Size: 37KB - Virtual size: 288KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

.reloc
Size: 83KB - Virtual size: 83KB

.text
Size: 44KB - Virtual size: 48KB

.rdata
Size: 5KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB

.tmdll
Size: 160B - Virtual size: 76KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB